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CLAIMS 

What is claimed is : 

1 . A method comprising: 

receiving in a virtual machine contents of a program for creating a 
virtual environment for interacting with a host platform in a computing 
device; and 

determining by the virtual machine if the received contents 
comprises predetermined instructions for performing at least one 
unauthorized task. 

2. The method of claim 1 , wherein the determining if the received contents 
comprises predetermined instructions further comprises: 

comparing the received contents of the program to at least one 
predetermined instruction patterns corresponding to the predetermined 
instructions for performing the at least one unauthorized task; and 

purging the predetermined instructions firom the received contents based 
on the comparing. 

3. The method of claim 2, wherein the comparing the contents of the 
received program to at least one predetermined instruction patterns further 
comprises: 

searching predetermined locations of the received contents of the 
program for the predetermined instructions. 

4. The method of claim 2, wherein the virtual machine comprises a 
translation cache, wherein the contents of the program reside in the translation cache, 
and wherein determining if the received contents comprises predetermined instructions 

further comprises: 

checking a branch target at the outlets of the translation cache; and 
determining if tiiie checked branch target comprises at least one of a 
translation cache and the execution engine. 
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5. The method of claim 4, ftirther comprising: 

generating checking and determining instructions for performing 
the checking the branch target and determining if the checked branch 
target comprises at least one of a translation cache and the execution 
engine. 

6. The method of cl^m 2, wherein the virtual machine comprises an 
execution engine and at least one interpret function invoked by the execution 
engine, wherein the contents of the program reside in the at least one mterpret 
function. 

7. A system comprising: 

a virtual machine to receive contents of a program for creating a virtual 
environment for interacting with a host platform in a computing device, the 
virtual machine comprising a detector subsystem to determine if the received 
contents comprises predetermined instructions for performing at least one 
unauthorized task. 

8. The system of claim 7, wherein the detector subsystem is to purge the 
predetermined instructions from the received contents of the program, wherein the 
detector subsystem further comprises: 

a comparator logic to compare the received contents of the program 

to at least one predetermined instruction patterns corresponding to the 

predetermined instructions for performing the at least one unauthorized task; 

and 

a search logic to search predetermmed locations of the received contents of 
the program for the predetermined instructions. 

9. The system of claim 7, wherein the virtual machine comprises: 
at least one of a translation cache to store translation data; 
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a translation engine to invoke the detector subsystem to determine 
if the contents of a translation data storage comprises predetermined 
instructions for performing at least one unauthorized task; 

at least one loader, to receive contents of a program and to invoke 
the detector subsystem; 

at least one interpreter function; and 

an execution engine to invoke the detector subsystem to determine if 
the contents of the at least one interpret function invoked by the execution 
engine comprises predetermined instructions for performing at least one 
unauthorized task. 

1 0. The system of claim 9, wherein the detector subsystem further 
comprises: 

translation cache logic to check a branch target at the outlets of fee 
translation cache and to determine if the checked branch target comprises at least 
one of a translation cache and the execution engine, based on translation cache 
logic instructions; and 

an instruction generation subsystem to generate the translation cache logic 

instructions. 

11. The method of claim 8, wherein the at least one predetermined 
instruction pattems are stored in a database in communication wife fee virtual 
machine. 

12. A storage medium feat provides software feat, if executed by a 
computing device, will cause fee computing device to perform fee foUowing 
operations: 

receiving in a virtual machine contents of a program for creating a 
virtual environment for interacting wife a host platform in a computing 
device; and 
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determining by the virtual machine if the received contents 
comprises predetermined instructions for performing at least one 
unauthorized task. 

13. The storage medium of claim 12 further comprising software to: 
compare the received contents of the program to at least one 

predetermined instruction patterns corresponding to the predetermined 
instructions for performing the at least one unauthorized task; and 

purge the predetermined instructions jfrom the received contents 
based on the comparing. 

14. The storage medium of claim 13 further comprising software to: 

search predetermined locations of the received contents of the program for 
the predetermined instructions 

15. A method comprising: 

receivmg a system call for a host platform in communication with 
a virtual machine of a computing device; and 

determining by the virtual machine if the received system call 
comprises at least one predetermined system call for performing at least one 
unauthorized task. 

16. The method of claim 15, wherein the determining if the received 
system call comprises predetermined system call fiirther comprises: 

comparing the system call to at least one predetermined system call 
patterns correspondmg to the predetermined system caUs for performing the at 
least one unautiaorized task. 

1 7. The method of claim 1 6, wherein the unauthorized task comprises: 
a task predetermined to be an inhibitive task by the computing 

device; and 

a task to output data into memory regions storing at least one of 
instructions and data for operations of the virtual machine. 

18 



wo 2007/076624 PCT/CN2005/002386 



18. A method comprising: 

receiving a virtualized memory address for a host platform in 
communication with a virtual machine of a computing device; and 

determining by the virtual machine if the received virtualized memory 
address comprises at least one predetermined unauthorized virtualized 
memory address. 

19. The method of claim 1 8, wherein the virtual machine further 
comprises: 

at least one of a translation cache to store translation data; 
an execution engine; and 

at least one interpret function invoked by the execution engine. 

20. The method of claim 1 9, wherein the determining by the virtual 
machine if the received vutualized memory address comprises at least one 
predetermined unauthorized virtualized memory address comprises: 

determining if the virtualized memory address is in a memory 
space available to the translation cache; 

determining if the virtualized memory address is in a memory 
space available to the at least one interpret function; and 

determining if the virtualized memory address is in a memory space region 
storing at least one of instructions and data for operations of the virtual machine. 
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